ssl very sloooow to start
on 13.01.2008 21:32:40 by Onetoomany
I am running my website on Windows 2003 Server (quite a decent spec machine,
with not much running on it). I have a standard asp web page, and an SSL
version when the users log in.
I have issued myself a certificate using the Certificate server application
on the same server.
http://support.microsoft.com/kb/299875
What takes the time is for the message that tells me I am accessing a site
that I have not chosen to trust - I would expect this message to pop up
instantly. Once I click OK to the message, the SSL site's performance works
fine.
On a computer that is part of the same domain as the server, I don't get the
message (as expected), and there is no delay in loading the SSL page.
Any help as to where to start looking to get this message to pop up quicker?
Thanks
R
Re: ssl very sloooow to start
on 15.01.2008 13:26:03 by Ken Schaefer
Where did you publish the CRL (Certificate Revocation List) for the CA in
question? That is included in the cert by default, and the browser (if
configured to check for cert revocation) may be timing out attempting to
check for revocation.
Options:
a) publish the CRL to an accessible location. Configure your CA to publish
the CRL there
b) configure the browser not to check for cert revocation (not really
advisable, since this will be for all certs, not just yours)
If your Cert Services is publishing CRL to Active Directory, then your
domain joined machines can query AD to get the CRL quickly, and there is no
issue...
Cheers
Ken
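A way to triage the CRL locations discussed in the reply above, as an added example that is not part of the original thread: paste the URLs from a certificate's "CRL Distribution Points" field into the list and see which ones a machine outside the domain could plausibly fetch. The CA name, host names and domain in the sample are constructed, and the verdicts are a heuristic based on URL shape only (no network access is made).

```python
from urllib.parse import urlsplit

# Constructed sample: CDP entries in the shape a Windows CA writes by default.
# "ExampleCA", "srv01" and the domain are made-up names for illustration.
SAMPLE_CDP = [
    "ldap:///CN=ExampleCA,CN=srv01,CN=CDP,CN=Public%20Key%20Services,"
    "CN=Services,CN=Configuration,DC=corp,DC=example"
    "?certificateRevocationList?base?objectClass=cRLDistributionPoint",
    "http://srv01/CertEnroll/ExampleCA.crl",
    "http://crl.example.com/CertEnroll/ExampleCA.crl",
]


def classify_cdp(url):
    """Return (verdict, reason) from the view of a non-domain-joined client."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = parts.hostname or ""
    if scheme == "ldap":
        if not host:
            # No server in the URL: the client has to locate a domain
            # controller itself, which only works inside the domain.
            return ("domain-only", "serverless LDAP URL (Active Directory)")
        return ("check", "named LDAP server must resolve and accept the client")
    if scheme == "file":
        return ("domain-only", "file share path on the internal network")
    if scheme in ("http", "https"):
        if "." not in host:
            return ("check", "single-label host name, resolves only internally")
        return ("ok", "HTTP location with a fully qualified host name")
    return ("check", "unrecognised scheme")


def outside_reachable(cdp_urls):
    """CDP URLs whose shape suggests an outside client can fetch them."""
    return [u for u in cdp_urls if classify_cdp(u)[0] == "ok"]


def likely_stalls(cdp_urls):
    """True when the cert lists CDPs but none looks reachable from outside."""
    return bool(cdp_urls) and not outside_reachable(cdp_urls)


if __name__ == "__main__":
    for url in SAMPLE_CDP:
        verdict, reason = classify_cdp(url)
        print(f"{verdict:12} {reason}\n             {url}")
    print("revocation check likely to stall:", likely_stalls(SAMPLE_CDP))
```

An "ok" verdict still needs confirming by fetching the URL from the affected machine.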